Computer viking
May 30, 2011
Now with less breakage.

alyandon posted:

Nope, not at all unique. We have a random assortment of FreeBSD machines (v8 through v10) for some very specific tasks among a seemingly endless sea of RHEL/Centos/Windows boxes that are all tied into Windows AD for authentication and authorization.

I'll ask someone in our unixsys group about how they are pulling off the AD integration on our FreeBSD boxes and update the thread if I get a coherent answer.


I've got AD (2003R2, yay) and random FreeBSD/linux boxes. I did, however, solve it by not matching uids/gids: I use winbind for auth, and NFS4 (sending usernames, not uids, over the wire) for file shares. It would probably be an issue if I, say, made a tar file on one machine and extracted on another - but that hasn't come up so far.


Bob Morales
Aug 18, 2006



Jan Koum, one of the WhatsApp founders, donated $1,000,000 USD to the FreeBSD project

quote:

Last week, I donated one million dollars to the FreeBSD Foundation, which supports the open source operating system that has helped millions of programmers pursue their passions and bring their ideas to life.

I’m actually one of those people. I started using FreeBSD in the late 90s, when I didn’t have much money and was living in government housing. In a way, FreeBSD helped lift me out of poverty – one of the main reasons I got a job at Yahoo! is because they were using FreeBSD, and it was my operating system of choice. Years later, when Brian and I set out to build WhatsApp, we used FreeBSD to keep our servers running. We still do.

I’m announcing this donation to shine a light on the good work being done by the FreeBSD Foundation, with the hope that others will also help move this project forward. We’ll all benefit if FreeBSD can continue to give people the same opportunity it gave me – if it can lift more immigrant kids out of poverty, and help more startups build something successful, and even transformative.

sarehu
Apr 20, 2007

(call/cc call/cc)
So, is FreeBSD still doing the whole "release new version but packages don't work" thing?

Xenomorph
Jun 13, 2001
Maybe.
I'm tempted to just stay on 9.3 forever.

sarehu
Apr 20, 2007

(call/cc call/cc)
So how do I even get stuff installed onto this? Like, pkg doesn't work (yet?) so suppose I wanted to install Emacs on this thing. My first instinct was to go to the Emacs website, get a link to its source code, and then download that in the FreeBSD and build from source.

I can't even do that because curl and wget don't exist.

Is the first post-installation step supposed to be to write an HTTP client from scratch, in C or C++?

Edit: Apparently there's a program named "fetch".

Update: Emacs seems to be building with no problems.

Update: ./temacs: not found

What the gently caress.

That's Emacs's fault maybe but I'm going to blame FreeBSD personally.

sarehu fucked around with this message at 04:44 on Nov 24, 2014

hifi
Jul 25, 2012

Software compiled from source is installed via the ports collection.

What is wrong with pkg though? You type pkg install emacs and it does what exactly?

sarehu
Apr 20, 2007

(call/cc call/cc)

hifi posted:

Software compiled from source is installed via the ports collection.

Last time I tried that (shortly after 9.1(?) was released) it didn't work, there were no ports available.

Update: Emacs won't compile out of the box (objectively speaking we can blame the FSF for this), but Vim will. (That is, I download the source, type ./configure --prefix=$HOME/prefix; make -j2; make install, and it works! Hooray for sanely built low-dependency software.)

hifi posted:

What is wrong with pkg though? You type pkg install emacs and it does what exactly?

No packages available to install matching 'emacs' have been found in the repositories.

This is true for any package other than 'pkg'.

sarehu fucked around with this message at 05:42 on Nov 24, 2014

evol262
Nov 30, 2010
#!/usr/bin/perl

sarehu posted:

Last time I tried that (shortly after 9.1(?) was released) it didn't work, there were no ports available.

If you didn't install the ports tree and didn't sync it, that would be true. Otherwise, it's just a directory tree with files that are pretty easy to look at.

sarehu posted:


No packages available to install matching 'emacs' have been found in the repositories.

This is true for any package other than 'pkg'.

Please look at the confs in /etc/pkg/ and /usr/local/etc/pkg.conf

It sounds like your repository config is broken.
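evol262's pointer to /etc/pkg/ and /usr/local/etc/pkg.conf is also where the one setting worth checking whenever pkg misbehaves lives: the repository's signature settings, since an enabled repo with signature_type "none" hands you whatever the mirror serves. The following is an added example, not code from the thread or from the FreeBSD project: a small sh function that reads the `enabled` and `signature_type` keys out of a pkg(8) repository config file and reports whether verification is on. The three config files are constructed here in a temporary directory; the first follows the layout of the stock /etc/pkg/FreeBSD.conf, the other two are made-up internal mirrors.

```shell
#!/bin/sh
# Added example: audit pkg(8) repository config files for signature
# verification. The format is the UCL used by /etc/pkg/FreeBSD.conf and by
# override files under /usr/local/etc/pkg/repos/. The three files below are
# constructed for this example in a temporary directory.

# Print the value of KEY from one repo config file, with the trailing comma
# and the surrounding quotes removed.
pkg_repo_value() {
    key=$1; file=$2
    sed -n "s/^[[:space:]]*${key}[[:space:]]*[:=][[:space:]]*//p" "$file" \
        | head -n 1 | sed 's/[,[:space:]]*$//; s/^"//; s/"$//'
}

# Exit status: 0 = enabled and signed (fingerprints or pubkey),
#              1 = enabled but unsigned, 2 = repository disabled.
pkg_repo_check() {
    file=$1
    case "$(pkg_repo_value enabled "$file")" in
        no|false|0) return 2 ;;
    esac
    case "$(pkg_repo_value signature_type "$file")" in
        fingerprints|pubkey) return 0 ;;
        *) return 1 ;;
    esac
}

tmp=$(mktemp -d)
SIGNED_CONF=$tmp/FreeBSD.conf      # same layout as the stock file
cat > "$SIGNED_CONF" <<'EOF'
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
EOF
UNSIGNED_CONF=$tmp/mirror.conf     # made-up internal mirror, no signatures
cat > "$UNSIGNED_CONF" <<'EOF'
mirror: {
  url: "http://pkg.example.internal/${ABI}/latest",
  signature_type: "none",
  enabled: yes
}
EOF
DISABLED_CONF=$tmp/old.conf        # made-up, switched off
cat > "$DISABLED_CONF" <<'EOF'
old: {
  url: "http://pkg.example.internal/${ABI}/old",
  enabled: no
}
EOF

for f in "$SIGNED_CONF" "$UNSIGNED_CONF" "$DISABLED_CONF"; do
    rc=0; pkg_repo_check "$f" || rc=$?
    case $rc in
        0) echo "ok       $f (signature_type=$(pkg_repo_value signature_type "$f"))" ;;
        1) echo "WARNING  $f: enabled repository without signature verification" ;;
        2) echo "skipped  $f (disabled)" ;;
    esac
done
```

This reads one file at a time and does not merge overrides the way pkg does; `pkg -vv` prints the repository settings as pkg itself parsed them, which is the authoritative view on a live system.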

sarehu
Apr 20, 2007

(call/cc call/cc)

evol262 posted:

Please look at the confs in /etc/pkg/ and /usr/local/etc/pkg.conf

It sounds like your repository config is broken.

No, it's not broken.

Update: It turns out you need to run pkg update -f the first time, not pkg update as instructed -- a fact which I discovered on a complete whim and not in any documentation anywhere.

sarehu fucked around with this message at 07:31 on Nov 24, 2014

Ninja Rope
Oct 22, 2005

Wee.
It looks like the emacs packages are named after their version.

pkg search emacs posted:

emacs-devel-25.0.50.118251_1,2
emacs-koi8u-1.0
emacs-lisp-intro-2.04
emacs-nox11-24.4_2,3
emacs-w3m-emacs24-1.4.533.b.20140622_1
emacs-wiki-emacs24-2.72_6
emacs23-23.4_4,1
emacs24-24.4_2,3

I don't know anything about emacs but I'm guessing you want emacs-nox11 or emacs24 if you want a GUI.

EvilMoFo
Jan 1, 2006

sarehu posted:

Update: Emacs won't compile out of the box (objectively speaking we can blame the FSF for this), but Vim will. (That is, I download the source, type ./configure --prefix=$HOME/prefix; make -j2; make install, and it works! Hooray for sanely built low-dependency software.)
You seem to be doing it wrong. Why aren't you using the port?

Their gently caress up w/the pkgng release is old news; I have used pkg successfully on 10.0 and 10.1 without any issues.

wooger
Apr 16, 2005

YOU RESENT?
I tried PCBSD yesterday and today. Installed OK, logged in OK.

problem 1: I have an Nvidia card

Vesa drivers don't support the resolution of my monitor, leaving me with a blurry, out of aspect ratio picture.

I installed the Nvidia driver via the AppCafe GUI and rebooted.

No dice, I can't get the Nvidia driver to enable with any combination of display settings in the GUI. I even tried my old monitor just in case there was some oddball issue. I can't get any picture with Nvidia driver.

Problem 2: Gnome Shell requires 3D acceleration

So I'm stuck with KDE or Lumina. In the case of PCBSD, I can't believe they've stuck with the hideous default theming and icons for both of these. Everything about it screams '90s, and it'd be easy to improve by just applying a bit of taste and picking a small set of sane default themes.

Clearly I can jump into a shell and mess around with xorg.conf to find a solution, but I may as well start with FreeBSD from scratch in that case. I was impressed with the default setup in terms of media players, ability to map my spare Ext4 drive, install Chromium.

Not being able to auto-detect the graphics is a major fail, however, and there are numerous graphical glitches all over, e.g. the top panel in Lumina and KDE obscures the top of each window.

It's a bunch of work to recreate all the automation and config that PCBSD is meant to give you out of the box in FreeBSD, and I'm not sure it's worth it for a desktop, when there's a chance it still won't work.

Xenomorph
Jun 13, 2001

sarehu posted:

Last time I tried that (shortly after 9.1(?) was released) it didn't work, there were no ports available.


I think "pkg" has been working (with all repos full) since 9.2 (September 2013). It was a mess before that. Even without pkg, pkg_* tools and portmaster helped.

You can install pkg by just typing the command "pkg".

It wasn't too long ago that I finally cleaned up my systems and updated my docs to remove all the pkg_* tools stuff.

I try to update everything with pkg, first, then I do a port update with portmaster.

Scrotum Modem
Sep 12, 2014

wooger posted:

I tried PCBSD yesterday and today. Installed OK, logged in OK.

problem 1: I have an Nvidia card

I haven't used FreeBSD for a desktop environment in a while, and since I have 2 nvidia cards myself (2x GTX770 in SLI) I decided to set up 10.1 RELEASE amd64 and see if I run into any issues. I successfully have everything working right. Since you didn't mention your actual setup with your graphics card model I don't know how much this will help but what the hell:

After installing FreeBSD which was a standard install, I ran "pkg" to trigger the pkg-ng installer. After that I did the following:

code:
pkg install xfce xorg nvidia-driver nvidia-settings nvidia-xconfig
No need to get into ports for the nvidia driver. I'm also a fan of xfce more than kde myself.

From the large amount of dependencies that get installed, dbus, hald, avahi get installed as well. You need hald and dbus to get devices detected when launching X.
Add to /etc/rc.conf:
code:
hald_enable="YES"
dbus_enable="YES"
I also added avahi to the list for the desktop environment since it was a dependency of xfce though I probably don't need it.
Make sure this gets added to /boot/loader.conf:
code:
nvidia_load="YES"
Now you can either manually start up hald with "service hald start" (same with dbus) and manually load the nvidia module with "kldload nvidia" or reboot, your choice.

Next step is to generate the xorg.conf file as a superuser or root - here you need to know a few of the command arguments in order to enable certain features. If you aren't sure, start with:
code:
nvidia-xconfig --nologo
To get the whole list of options:
code:
nvidia-xconfig -A
Due to the fact that I have 2 cards and I wanted SLI enabled, I had to include a few other options as well as manually add 2 "BusID" lines to the generated xorg.conf so it can tell which card is assigned to which X11 device. Let me know if you need more info on that. It took me a few tries to figure out that that was the cause that was preventing X11 to start up.

Next is to just create your user's .xinitrc. Made mine with:
code:
echo "exec startxfce4" > ~/.xinitrc
Ran startx as normal user and had to tweak the nvidia display setup a little more with "nvidia-settings" to get the two displays set up the way I wanted to but other than that everything is good to go.

As you can see this was all manually done. I've never touched PC-BSD or any GUI-friendly variant of FreeBSD so I can't really help there. Hopefully this helps regardless.

e: end result:

Scrotum Modem fucked around with this message at 02:55 on Nov 25, 2014
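The steps above add lines to /etc/rc.conf and /boot/loader.conf by hand. Both files are sourced as shell at boot, so a second `hald_enable=` further down silently overrides the first, and anything that can write to them runs as root at startup. FreeBSD's own tool for safe edits is sysrc(8); the portable sh version below is an added example, not from the thread or the FreeBSD base system, written so the no-duplicates behaviour can be checked here. It works on files created in a temporary directory (constructed for the example), not on /etc.

```shell
#!/bin/sh
# Added example: set key="value" lines in rc.conf-style files without creating
# duplicates, mirroring what sysrc(8) does on FreeBSD. All files live under a
# temporary directory constructed for this example.

# Replace an existing KEY=... line in FILE, or append one if none exists.
# BSD and GNU sed disagree on -i, so write through a temp file instead.
rc_set() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || : > "$file"
    if grep -q "^${key}=" "$file"; then
        sed "s|^${key}=.*|${key}=\"${value}\"|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
}

# Print the effective value of KEY: the last assignment wins, exactly as it
# does when the file is sourced by sh.
rc_get() {
    file=$1; key=$2
    sed -n "s/^${key}=//p" "$file" | tail -n 1 | sed 's/^"//; s/"$//'
}

# Number of assignments of KEY in FILE (should be 0 or 1 after rc_set).
rc_count() {
    grep -c "^${2}=" "$1"
}

tmp=$(mktemp -d)
RC_CONF=$tmp/rc.conf
LOADER_CONF=$tmp/loader.conf

rc_set "$RC_CONF" hald_enable YES
rc_set "$RC_CONF" dbus_enable YES
rc_set "$RC_CONF" hald_enable NO      # flip it ...
rc_set "$RC_CONF" hald_enable YES     # ... and back: still exactly one line
rc_set "$LOADER_CONF" nvidia_load YES

echo "== $RC_CONF";     cat "$RC_CONF"
echo "== $LOADER_CONF"; cat "$LOADER_CONF"
```

Checking `rc_count` on a hand-edited rc.conf is a cheap way to catch the case where a later duplicate line (say an old `sshd_enable="NO"` that someone appended) is the one actually taking effect.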

sarehu
Apr 20, 2007

(call/cc call/cc)

Xenomorph posted:

You can install pkg by just typing the command "pkg".

Everything works now that I ran "pkg update -f".

wooger
Apr 16, 2005

YOU RESENT?

Gimp Fack posted:

I haven't used FreeBSD for a desktop environment in a while, and since I have 2 nvidia cards myself (2x GTX770 in SLI) I decided to set up 10.1 RELEASE amd64 and see if I run into any issues. I successfully have everything working right. Since you didn't mention your actual setup with your graphics card model I don't know how much this will help but what the hell:

After installing FreeBSD which was a standard install, I ran "pkg" to trigger the pkg-ng installer. After that I did the following:

code:
pkg install xfce xorg nvidia-driver nvidia-settings nvidia-xconfig
No need to get into ports for the nvidia driver. I'm also a fan of xfce more than kde myself.

From the large amount of dependencies that get installed, dbus, hald, avahi get installed as well. You need hald and dbus to get devices detected when launching X.
Add to /etc/rc.conf:
code:
hald_enable="YES"
dbus_enable="YES"
I also added avahi to the list for the desktop environment since it was a dependency of xfce though I probably don't need it.
Make sure this gets added to /boot/loader.conf:
code:
nvidia_load="YES"
Now you can either manually start up hald with "service hald start" (same with dbus) and manually load the nvidia module with "kldload nvidia" or reboot, your choice.

Next step is to generate the xorg.conf file as a superuser or root - here you need to know a few of the command arguments in order to enable certain features. If you aren't sure, start with:
code:
nvidia-xconfig --nologo
To get the whole list of options:
code:
nvidia-xconfig -A
Due to the fact that I have 2 cards and I wanted SLI enabled, I had to include a few other options as well as manually add 2 "BusID" lines to the generated xorg.conf so it can tell which card is assigned to which X11 device. Let me know if you need more info on that. It took me a few tries to figure out that that was the cause that was preventing X11 to start up.

Next is to just create your user's .xinitrc. Made mine with:
code:
echo "exec startxfce4" > ~/.xinitrc
Ran startx as normal user and had to tweak the nvidia display setup a little more with "nvidia-settings" to get the two displays set up the way I wanted to but other than that everything is good to go.

As you can see this was all manually done. I've never touched PC-BSD or any GUI-friendly variant of FreeBSD so I can't really help there. Hopefully this helps regardless.

e: end result:


Cheers, was hoping to avoid this level of work, but maybe I'll give it a go. I'm sure it'll be easier than installing Arch Linux anyway!

Scrotum Modem
Sep 12, 2014

wooger posted:

Cheers, was hoping to avoid this level of work, but maybe I'll give it a go. I'm sure it'll be easier than installing Arch Linux anyway!

Since I didn't do anything else with the OS I wiped it clean and tried latest PC-BSD just to see if I ran into similar issues you had. It detected the nvidia cards during installation and as such installed the drivers without me having to ask, and I didn't have any issue starting up KDE after installing. You never said what nvidia card you use. One common issue I can think of is if you have some laptop with nvidia optimus on it - don't expect that to work. Other than that, I'm surprised you had issues with detection, as my PC-BSD install went seamlessly.

feld
Feb 11, 2008

Out of nowhere its.....

Feldman

Ninja Rope posted:

If I have a host that is running a custom kernel, but is almost completely stock 10-STABLE, is there a way to "update" it to a version from freebsd-update? I know I'll lose whatever I did differently building my own custom kernel, but they're so similar I don't think it will matter. I'd rather get back on binary releases.

Yes I explain in an earlier post in this thread how to lie to freebsd-update and tell it you're running -RELEASE.

Also, you could just grab the latest release tarballs and extract it over your OS as a real old-school upgrade. You should really know what you're doing before attempting this, though.

Xenomorph posted:

Maybe.
I'm tempted to just stay on 9.3 forever.

9.3 will be the last in the 9.x train and it's getting quite old already. Lots of really great improvements have happened since.

wooger
Apr 16, 2005

YOU RESENT?

Gimp Fack posted:

Since I didn't do anything else with the OS I wiped it clean and tried latest PC-BSD just to see if I ran into similar issues you had. It detected the nvidia cards during installation and as such installed the drivers without me having to ask, and I didn't have any issue starting up KDE after installing. You never said what nvidia card you use. One common issue I can think of is if you have some laptop with nvidia optimus on it - don't expect that to work. Other than that, I'm surprised you had issues with detection, as my PC-BSD install went seamlessly.

Thanks. I was expecting auto detection to work too. You're saying that the Nvidia drivers auto installed for you though? Weird.

My hardware is not exotic, Asus P8Z77-V motherboard, Nvidia GeForce 560 Ti.

To be clear, KDE does work for me with the vesa driver, it's trying to change the video card that shows up the breakage.

Xenomorph
Jun 13, 2001

feld posted:

9.3 will be the last in the 9.x train and it's getting quite old already. Lots of really great improvements have happened since.

Nothing worked for me in 10.0.

I tried Samba 4.1, but Winbind doesn't appear to function enough yet to read UID/GID from Active Directory. This kinda fucks up a whole lot of things since UID/GID is how permissions are handled. It seems like quite a big thing to not have working. (this may be more of an issue on the part of the Samba developers than the FreeBSD developers)

Trying Samba 3.6 was a no go, because a part of it (Kerberos?) would crash with it on 10.0. It was basically unusable.

FreeBSD 10.0 + Samba 4.1: user authentication works, but no UID/GID.
FreeBSD 10.0 + Samba 3.6: rarely user authentication works, but it does read UID/GID correctly on the rare times it didn't crash.
FreeBSD 9.2 or 9.3 + Samba 3.6: everything works!

I haven't tried 10.1, yet, so I don't know if things work with it.
I *do* know that 9.3 works, and I already have that installed, so I might just keep using it for another decade. I use it for a non public-facing file server. It's important for the authentication and file shares to work, even if it isn't running the newest stuff.

wooger
Apr 16, 2005

YOU RESENT?
OK, so I posted a while back about my problems with PCBSD: Namely, I couldn't get the Nvidia driver working at all, and hence run Gnome-Shell.

I tried starting from scratch this week with the stock FreeBSD 10.1 installer.

I followed guides at cooltrainer.org (https://cooltrainer.org/a-freebsd-desktop-howto/) & bsdnow.tv (http://www.bsdnow.tv/tutorials/the-desktop).

As yet, no luck getting a Gnome-Shell desktop working, though I do at least have proper vt console and can startx and see the default xorg desktop.

I've probably made an error in manually typing one of the many config options in those guides, which I'll look at again tonight.

Two related problems I've found so far:

1)
Both these guides are actually suggesting to use ports exclusively, in part because the pkgng builds don't include compile time options for e.g. Mplayer and VLC that enable useful codec support.
It's not clear what use either of those players is without codecs, so this seems a poor choice to make the default.

Outside of those two examples, I can't think of any reason why I need to compile anything custom, but... Is there a way to avoid having to use ports for this stuff?

I'm used to the Debian method of just putting the whole binary in a separate "non-free" repository if freeness is a problem, and it will take some getting used to the BSD method.

2)
I pre-emptively typed pkg install <list of packages I use> at some point after the installer was finished.

When later following the guide and compiling various ports, I get errors and the process quits due to the fact that I've already got the pkgng binary versions of some of the dependencies installed (I think).

gettext*something* library was one of the problem dependencies.

Any way to avoid this conflict?
Can I not safely mix binary packages and ports?

If not, is there a command to mass remove all the binary packages installed with pkg?

evol262
Nov 30, 2010
#!/usr/bin/perl

wooger posted:

OK, so I posted a while back about my problems with PCBSD: Namely, I couldn't get the Nvidia driver working at all, and hence run Gnome-Shell.

I tried starting from scratch this week with the stock FreeBSD 10.1 installer.

I followed guides at cooltrainer.org (https://cooltrainer.org/a-freebsd-desktop-howto/) & bsdnow.tv (http://www.bsdnow.tv/tutorials/the-desktop).

As yet, no luck getting a Gnome-Shell desktop working, though I do at least have proper vt console and can startx and see the default xorg desktop.

I've probably made an error in manually typing one of the many config options in those guides, which I'll look at again tonight.

Two related problems I've found so far:

1)
Both these guides are actually suggesting to use ports exclusively, in part because the pkgng builds don't include compile time options for e.g. Mplayer and VLC that enable useful codec support.
It's not clear what use either of those players is without codecs, so this seems a poor choice to make the default.

Outside of those two examples, I can't think of any reason why I need to compile anything custom, but... Is there a way to avoid having to use ports for this stuff?

I'm used to the Debian method of just putting the whole binary in a separate "non-free" repository if freeness is a problem, and it will take some getting used to the BSD method.

2)
I pre-emptively typed pkg install <list of packages I use> at some point after the installer was finished.

When later following the guide and compiling various ports, I get errors and process quits due to the fact that I've already got the pkgng binary versions of some of the dependencies installed (I think).

gettext*something* library was one of the problem dependencies.

Any way to avoid this conflict?
Can I not safely mix binary packages and ports?

If not, is there a command to mass remove all the binary packages installed with pkg?

Just portmaster -a

I don't have any problems with vlc from pkgng, at least.

What's wrong with gnome-shell? Install it, enable hal and dbus, install nvidia-drivers and enable them in loader.conf, start gnome-shell

wooger
Apr 16, 2005

YOU RESENT?

evol262 posted:

Just portmaster -a

I don't have any problems with vlc from pkgng, at least.

What's wrong with gnome-shell? Install it, enable hal and dbus, install nvidia-drivers and enable them in loader.conf, start gnome-shell

Portmaster -a will remove all pkgng packages I have installed?

As far as Gnome goes, probably I missed or typoed something in the config, but my hardware is all unremarkable, not *too* new - Nvidia card is a 560 Ti.

Neither of those guides covered gnome-shell, but another I found told me to add:

code:
dbus_enable="YES"
hald_enable="YES"
gdm_enable="YES"
gnome_enable="YES"
to rc.conf

I'll check all these again, and loader.conf for
code:
nvidia_load="YES"
Also, I might've missed a package.

evol262
Nov 30, 2010
#!/usr/bin/perl

wooger posted:

Portmaster -a will remove all pkgng packages I have installed?

As far as Gnome goes, probably I missed or typoed something in the config, but my hardware is all unremarkable, not *too* new - Nvidia card is a 560 Ti.

Neither of those guides covered gnome-shell, but another I found told me to add:

code:
dbus_enable="YES"
hald_enable="YES"
gdm_enable="YES"
gnome_enable="YES"
to rc.conf

I'll check all these again, and loader.conf for
code:
nvidia_load="YES"
Also, I might've missed a package.

No. Portmaster -a will look for upgrades to installed packages, via ports.

Adding that to rc.conf should be fine. What's happening when you try to start gnome?

wooger
Apr 16, 2005

YOU RESENT?

evol262 posted:

No. Portmaster -a will look for upgrades to installed packages, via ports.

Adding that to rc.conf should be fine. What's happening when you try to start gnome?

Aha, so portmaster -a will do this regardless of how I installed the packages? That'd fix it.

I'm guessing that the order of those items in rc.conf is important - I have no idea what order they're in on my system.

Not in front of my PC right now, but will check in later.

Edit: Last time I rebooted, gdm didn't start and I found myself at the command prompt as usual (though having installed nvidia drivers and enabled the vt console, it looked better than on the previous boot).

I tried startx and it went into the default xwindows only desktop, no theming etc.

wooger fucked around with this message at 17:23 on Dec 5, 2014

hifi
Jul 25, 2012

wooger posted:

Aha, so portmaster -a will do this regardless of how I installed the packages? That'd fix it.

I'm guessing that the order of those items in rc.conf is important - I have no idea what order they're in on my system.

Not in front of my PC right now, but will check in later.

Edit: Last time I rebooted, gdm didn't start and I found myself at the command prompt as usual (though having installed nvidia drivers and enabled the vt console, it looked better than on the previous boot).

I tried startx and it went into the default xwindows only desktop, no theming etc.

The startx issue is a red herring unless you are going to use it in addition to gdm. It's just going to use the default xsession config and start up twm + xterm.

I'd recommend sticking to the freebsd.org handbook instead of something off the internet: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x-config.html is about configuring x, which it looks like you have; https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x11-wm.html has a section on Gnome/GDM, which it looks like you missed the part about mounting procfs.

wooger
Apr 16, 2005

YOU RESENT?
I was able to run portmaster -a without errors after manually deinstalling and reinstalling the packages devel/gettext-runtime & devel/gettext-tools.

Running some lengthy compiles now, we'll see if it's worth it.
Edit: An hour of compiling, then the process failed with an error about the Firefox port compile.

Not fixable in the same way. This all seems rather painful.

wooger fucked around with this message at 00:28 on Dec 6, 2014

porkface
Dec 29, 2000

Does anyone know what I need to setup NAT loopback on an older FreeBSD 5.2.1 box running ipfw and natd?

Qtotonibudinibudet
Nov 7, 2011



So I finally had it with pfsense's weird bullshit: why does radvd use 30 second router lifetimes even though that's clearly not the default in the code and not explicitly configured otherwise? Why is there no good way to fix the config file for it, and why does it stop handing out router advertisements eventually if you try to patch it up temporarily? Why does IPv6 traffic scoot along at 50mbs while IPv4 traffic is limited to 10mbs despite no QoS or anything set? Why do interfaces randomly autonegotiate to entirely wrong things? Who knows. The web GUI is nice, but when it's mostly just telling you how slow your traffic is going, it doesn't help much. Overall it worked pretty drat well, but the little things with no answer and no way to edit it yourself were annoying. Anyway, I decided I'd just gently caress it all and set up everything from scratch on FreeBSD myself, because I had a machine that could use it, and honestly this poo poo really isn't that hard because I sort of do it for work anyway. So I did that. Setting up FreeBSD as a basic router is basically one sysctl, and dhcpcd isn't that hard either. Whatever, so I don't have IPv6 anymore, no big deal. I can get that working another week.

Of course, I threw one weird set of issues for another--for some reason I can't do wireless directly through the new thing itself for things that are far too deep for me to want to think about. hostapd is set up correctly, but apparently some part of the IEEE 802.11 crypto handshake is going wrong, which is weird, because I know it worked once, but then it just stopped and nothing could associate anymore, consistently with the same "WPA: invalid MIC in msg 2/4 of 4-Way Handshake" error. And it's probably legitimate, but the only things I can find on it are some OpenWRT threads from 2012 and God knows what they changed--the developers that were working on it are literally Atheros employees, and I am not quite that close to the metal/familiar with IEEE 802.11 to do the math by hand. I probably could, but it's been a long day, and there are still lots of things that don't work. The kernel dumped a core too once, for no good reason. Really no matter, I can still go through the other wireless bridge I already had set up with no speed loss, and I need it anyway for the additional wired ethernet ports.

Anyway, I hate computers.

SamDabbers
May 26, 2003



OpenBSD makes a pretty nice router, and the config files for its daemons are consistent and readable. PF owns.

Xenomorph
Jun 13, 2001
I had given up on FreeBSD 10.x and Samba 4.x because authentication never worked. I figured something was just busted in Samba 4.x with Winbind. Using Samba 3.6 under FreeBSD 10.x resulted in things crashing due to Kerberos libraries, so I just went back to FreeBSD 9.3 with Samba 3.6.

When working with Ubuntu 14.04 servers, I noticed that they had no issue authenticating with the latest Samba 4.1.x.

Assuming things were fixed, I did a clean install of FreeBSD 10.1 and Samba 4.1, and it still didn't work.

My config is real simple:
code:
# server info
workgroup = DOMAIN
realm = DOMAIN.LOCAL
netbios name = Server
security = ads

# uid and gid is in ad
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 10000-19999
idmap config DOMAIN : schema_mode = rfc2307

# the gently caress-you range
idmap config * : range = 66666-66999
idmap config * : backend = tdb

# trap to see if it's even reading poo poo
winbind nss info = rfc2307
template home = /poo poo
template shell = /poo poo
"getent passwd user" or "wbinfo -i username" gives the results with the following setups:

FreeBSD 9.3 / Samba 3.6.24
username:*:10000:10000:User Name:/home/username:/bin/bash

Ubuntu 14.04 / Samba 4.1.6
username:*:10000:10000:User Name:/home/username:/bin/bash

FreeBSD 10.x / Samba 4.x (4.0.24 and 4.1.16 tested)
username:*:66666:66666:User Name:/poo poo:/poo poo

I set log level up really high, then noticed the logs filling with this for the Samba 4.x systems:

code:
[2015/02/03 17:00:47.849685,  3] ../source3/winbindd/idmap.c:230(idmap_init_domain)
  idmap backend ad not found
[2015/02/03 17:00:47.849727,  5] ../lib/util/modules.c:174(do_smb_load_module)
  Probing module 'ad'
[2015/02/03 17:00:47.849763,  5] ../lib/util/modules.c:188(do_smb_load_module)
  Probing module 'ad': Trying to load from /usr/local/lib/shared-modules/idmap/ad.so
[2015/02/03 17:00:47.849958,  5] ../lib/util/modules.c:56(load_module)
  Error loading module '/usr/local/lib/shared-modules/idmap/ad.so': Cannot open "/usr/local/lib/shared-modules/idmap/ad.so"
[2015/02/03 17:00:47.849985,  3] ../source3/winbindd/idmap.c:235(idmap_init_domain)
  Could not probe idmap module ad
That's the short version. The longer one is pretty much this over and over:
code:
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
  idmap backend ad not found
So where is the ad.so file?

/usr/local/lib/shared-modules/idmap contains this:
code:
autorid.so
hash.so
rfc2307.so
rid.so
tdb2.so
FreeBSD lists the contents of their "samba41" package as having "ad.so". So why wouldn't I have it? How do I get it?

Winbind authentication has never worked for me with FreeBSD 10 or Samba 4. Has this really been broken for years? Why wouldn't I have "ad.so"? How do I get it?

Edit, what is this?
https://lists.samba.org/archive/samba-technical/2014-January/097511.html (Jan 2014)
"[PATCH] build: Build idmap_ad by default"

http://thr3ads.net/samba/2014/08/2784622-request-for-idmap_ad-module-to-be-built-as-default
"request for idmap_ad module to be built as default"

quote:

4.1.11 no longer includes the idmap_ad module in a default ./configure.
This has caught out at least two list users recently. We think it is
important enough to reinstate as default. Anyone with us? Especially
those whose task it will be to have to tell users via the list of the
change. . .

It looks like the official Samba builds have been leaving out "ad.so" from the builds for a while...

Xenomorph fucked around with this message at 01:03 on Feb 4, 2015
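Added example (not from the thread, and not Samba's or FreeBSD's own tooling): a small sh check that reads the `idmap config DOMAIN : backend = NAME` lines out of smb.conf and confirms each named backend is either built into winbindd or present as NAME.so in the idmap module directory, so a missing ad.so is reported before winbindd is started instead of as "idmap backend ad not found" deep in a level-5 log. Assumptions not stated in the thread: tdb, passdb and nss are treated as built-in backends (tdb is the default backend and no tdb.so appears in the directory listing above), the config path is /usr/local/etc/smb4.conf, and the sample config built by `make_fixture` is constructed for the offline run.

```sh
#!/bin/sh
# Added example, not code from the thread: verify that every idmap backend
# named in smb.conf has a matching loadable module.
#
# Assumption: these backends are compiled into winbindd rather than shipped
# as shared-modules/idmap/*.so (tdb is the default backend and no tdb.so is
# in the module listing from the post).
BUILTIN_IDMAP="tdb passdb nss"

# idmap_backends_in CONF
#   Print one backend name per line for every
#   "idmap config DOMAIN : backend = NAME" line (spaces, tabs and case
#   tolerated), de-duplicated and lower-cased.
idmap_backends_in() {
    sed -n 's/^[[:space:]]*idmap[[:space:]]*config[[:space:]]*[^:]*:[[:space:]]*backend[[:space:]]*=[[:space:]]*\([A-Za-z0-9_]*\).*$/\1/p' "$1" |
        tr 'A-Z' 'a-z' | sort -u
}

# check_idmap_modules CONF MODDIR
#   Return 0 when every configured backend is built in or present as
#   MODDIR/NAME.so; otherwise name each missing module on stderr and return 1.
check_idmap_modules() {
    _conf=$1
    _moddir=$2
    _missing=0
    for _be in $(idmap_backends_in "$_conf"); do
        case " $BUILTIN_IDMAP " in
        *" $_be "*) continue ;;
        esac
        if [ ! -f "$_moddir/$_be.so" ]; then
            echo "idmap backend '$_be' is configured but $_moddir/$_be.so is missing" >&2
            _missing=1
        fi
    done
    return $_missing
}

# make_fixture DIR
#   Constructed sample for running this offline: an smb4.conf that maps the
#   joined domain with idmap_ad, plus a module directory holding exactly the
#   files listed in the post (autorid, hash, rfc2307, rid, tdb2; no ad.so).
make_fixture() {
    mkdir -p "$1/idmap"
    for _m in autorid hash rfc2307 rid tdb2; do
        : > "$1/idmap/$_m.so"
    done
    cat > "$1/smb4.conf" <<'EOF'
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.LOCAL
    security = ads
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : schema_mode = rfc2307
    idmap config EXAMPLE : range = 10000-9999999
EOF
}

# On a FreeBSD host with the samba41 package (paths assumed, see above):
#   check_idmap_modules /usr/local/etc/smb4.conf /usr/local/lib/shared-modules/idmap
```

Run it against the fixture and it exits 1 naming ad.so; drop an ad.so into the module directory (or rebuild the port with the option that produces it) and the same config passes. A config that only uses the tdb backend passes even though there is no tdb.so, which is what the built-in list is for.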

Computer viking
May 30, 2011
Now with less breakage.

Huh - maybe I've been building it by hand and reflexively checking the AD box every time? Plausible enough.

(There is a check box for it, right?)

Xenomorph
Jun 13, 2001
samba4 and samba41 were supposed to be built with ADS support (does that not include idmap_ad?). I was hoping that I could stick to binary updates.
I've been compiling samba36 because it did not have ADS in their binary package.

Some searches seemed to indicate that "--with-shared-modules=idmap_ad" is the needed / left-out option.

Is this something that I should submit as a bug to the official Samba site?

I'd think that AD support would include the correct ad.so library.

Here's my bug report from September regarding broken "gdb" install stuff:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194046

Here's my bug report from today regarding "ad.so" being left out of the binary package:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197320

Compiling Samba41 myself (with the "exp_modules" option) does build "ad.so" just fine, and my above config works as expected, then.

Xenomorph fucked around with this message at 17:39 on Feb 4, 2015

Xenomorph
Jun 13, 2001
New thing.

I noticed that one of the Linux startup services I put together (/usr/local/etc/rc.d/service_name) had NOT been working since mid October or so. The system hasn't really been rebooted since then, so I never noticed the service no longer auto-started.

On boot, the service would not run.
After boot? The service started right up.

I added a bunch of logging to the service:

During boot: FATAL: kernel too old
After boot: Service started successfully!

So what changed in October? CentOS 6 became the default Linux, replacing Fedora 10. And that change required adding "sysctl compat.linux.osrelease=2.6.18" to /etc/sysctl.conf. I did that already! But that clearly doesn't work for things loaded during boot.

I'm guessing that my service is somehow running before sysctl.conf loads. "rcorder" lists my user service as one of the last services, though. Why wouldn't /etc/sysctl.conf be loaded until after boot? How can I require that my service doesn't load until /etc/sysctl.conf is loaded?

I ran the sysctl command in the service script to both check and set the kernel value:

code:
# check current linux kernel
sysctl compat.linux.osrelease >> /var/log/service.log 

# set to minimum required kernel
sysctl compat.linux.osrelease=2.6.18 >> /var/log/service.log 
And that log file?

code:
compat.linux.osrelease: 2.6.16
compat.linux.osrelease: 2.6.16 -> 2.6.18
So even though "sysctl compat.linux.osrelease=2.6.18" is set in /etc/sysctl.conf, it is still at "2.6.16" during boot.

I'm not super familiar with /etc/sysctl.conf. How do I get sysctl values to load before services?

Is it OK to leave the sysctl command in my service script?

Computer viking
May 30, 2011
Now with less breakage.

You might be able to set it in /boot/loader.conf instead? (Provided you also load the Linux module there, or have it compiled in, presumably).

Xenomorph
Jun 13, 2001
From what I've read, /etc/sysctl.conf, which is for configuring the system kernel, isn't even touched until near the end of the boot process...

quote:

The /etc/sysctl.conf file is read in when the system goes into multi-user mode to set default settings for the kernel.

Why would such an important thing like kernel settings be one of the last things to be set?

I doubt I can change the system settings boot order, so then my next thought is how do I make sure that my "service" gets started at the very, very end of the boot process?

What if I added "KEYWORD: nostart" to the service (so it isn't loaded on boot), and then add "@reboot /path/to/service start" to crontab to run when that loads?

Computer viking
May 30, 2011
Now with less breakage.

If you can't set it in loader.conf, how about depending on the sysctl script (if it's implemented as an rc service, ofc)?

Xenomorph
Jun 13, 2001
/etc/rc.d/sysctl doesn't seem to get loaded like normal services. There is no "sysctl_enable=YES" in /etc/rc.conf or anything. The "checkyesno" function in other services just gives an error (if debugging is enabled).

My solution (and I've rebooted a few times to make sure it works) is now to use "force_depend sysctl" to make sure it loads.

Example:
code:
#!/bin/sh
#
# /usr/local/etc/rc.d/service_name
#
# PROVIDE: service_name
# rcorder runs this after the base system's LOGIN target, i.e. near the end of boot
# REQUIRE: LOGIN

. /etc/rc.subr

name="service_name"
rcvar="${name}_enable"

# default service start command
start_cmd="service_start"

service_start()
{
	# display what the linux kernel is set to
	echo "Pre-sysctl kernel version: $(sysctl -n compat.linux.osrelease)" >> /var/log/service.log

	# load sysctl, which should set the new kernel version
	echo "Loading '/etc/sysctl.conf'..." >> /var/log/service.log

	if force_depend sysctl >> /var/log/service.log
	then
		# display the linux kernel version again
		echo "Post-sysctl kernel version: $(sysctl -n compat.linux.osrelease)" >> /var/log/service.log

		# run the startup command!
		echo "Attempting to run '/path/to/program'..." >> /var/log/service.log
		/path/to/program >> /var/log/service.log
	else
		# if sysctl cannot load, we might not have the correct kernel
		echo "Could not load '/etc/sysctl.conf'!" >> /var/log/service.log
	fi
}

load_rc_config "$name"
run_rc_command "$1"
/var/log/service.log looks like this:
code:
Pre-sysctl kernel version: 2.6.16
Loading '/etc/sysctl.conf'...
Post-sysctl kernel version: 2.6.18
Attempting to run '/path/to/program'...
/var/log/messages looks like this on boot:
code:
Feb  6 17:35:51  root: /etc/rc: DEBUG: run_rc_command: doit: service_start 
Feb  6 17:35:51  root: /etc/rc: DEBUG: checkyesno: always_force_depends is set to NO.
Feb  6 17:35:51  root: /etc/rc: DEBUG: checkyesno: sysctl_enable is set to .
Feb  6 17:35:51  root: /etc/rc: WARNING: $sysctl_enable is not set properly - see rc.conf(5).
Feb  6 17:35:51  root: /etc/rc.d/sysctl: DEBUG: run_rc_command: doit: sysctl_start 
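Added example, not from the thread: the force_depend workaround above re-applies the whole file, but neither it nor a plain `sysctl -f` pass tells you which entry did not take at boot. This helper applies a sysctl.conf entry by entry, logs every entry that could not be set together with the tool's own error text, and returns the number of failures, so it can be called from a late rc.d start function (`apply_sysctl_conf /etc/sysctl.conf 2>> /var/log/service.log`) and the boot log shows exactly which value was silently lost. The `fake_sysctl` stand-in and its FAKE_OIDS list are constructed so the code runs off a FreeBSD box; they only model an OID that does not exist until later in the boot, and on a real host the second argument is simply left off.

```sh
#!/bin/sh
# Added example, not code from the thread: apply a sysctl.conf one entry at a
# time and report each entry that fails instead of hiding it.

# sysctl_conf_entries FILE
#   Print the name=value entries of a sysctl.conf, one per line, with
#   comments, surrounding whitespace and blank lines removed (the format
#   described in sysctl.conf(5)).
sysctl_conf_entries() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# apply_sysctl_conf FILE [SYSCTL_CMD]
#   Apply each entry with SYSCTL_CMD (default: sysctl). Every entry that cannot
#   be set is reported on stderr with the command's output. Returns the number
#   of failed entries, so 0 means the whole file took effect.
apply_sysctl_conf() {
    _file=$1
    _cmd=${2:-sysctl}
    _failed=0
    _entries=$(mktemp) || return 1
    sysctl_conf_entries "$_file" > "$_entries"
    # read from a file rather than a pipe so _failed survives the loop
    while IFS= read -r _entry; do
        if _out=$("$_cmd" "$_entry" 2>&1); then
            :
        else
            printf 'sysctl.conf: could not apply "%s": %s\n' "$_entry" "$_out" >&2
            _failed=$((_failed + 1))
        fi
    done < "$_entries"
    rm -f "$_entries"
    return $_failed
}

# fake_sysctl NAME=VALUE
#   Constructed stand-in for sysctl(8), used only so the example runs offline.
#   It accepts the OIDs in FAKE_OIDS and rejects anything else, which models
#   an OID that does not exist yet when sysctl.conf is first applied.
FAKE_OIDS="kern.ipc.shmmax security.bsd.see_other_uids"
fake_sysctl() {
    _name=${1%%=*}
    case " $FAKE_OIDS " in
    *" $_name "*) echo "$_name: ${1#*=}" ;;
    *) echo "unknown oid '$_name'" >&2; return 1 ;;
    esac
}

# Real usage, from an rc.d start function that runs late in the boot:
#   apply_sysctl_conf /etc/sysctl.conf 2>> /var/log/service.log
```

Because the return value is the failure count, an rc.d script can treat any non-zero result as "the kernel is not configured the way the service needs" and refuse to start the program, which is the check the log lines above were doing by hand.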

Xenomorph
Jun 13, 2001
I just updated from Samba 4.1.6 -> 4.1.17 and noticed that it no longer loaded winbindd.

I submitted a bug:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198064


Desuwa
Jun 2, 2011

I'm telling my mommy. That pubbie doesn't do video games right!
I've got a home server running FreeBSD and I'm having some behaviour I don't understand from packet filter. Here's my full pf.conf.

code:
ext_if = "igb1"
jail_if = "lo1"
local_net = "192.168.42.0/24"
jail_net = "192.168.43.0/24"

# Incoming services, excluding ssh
tcp_services = "{ www, https, 58024 }"
udp_services = "{ 58024 }"

local_tcp_services = "{ 445 }"
local_udp_services = "{ 137, 138 }"

icmp_types="echoreq"

set skip on lo0

# Filter certain kinds of attacks
scrub in all

# NAT out jails
nat on $ext_if inet from $jail_net to any -> ($ext_if)

block in all

# Pass in known services
pass in on $ext_if proto tcp from any to any port $tcp_services
pass in on $ext_if proto udp from any to any port $udp_services

pass in on $ext_if proto tcp from $local_net to any port $local_tcp_services
pass in on $ext_if proto udp from $local_net to any port $local_udp_services

pass in inet proto icmp all icmp-type $icmp_types

# Brute force protection for SSH
table <bruteforce> persist

block in quick from <bruteforce>
pass in quick proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 15, max-src-conn-rate 5/60, \
    overload <bruteforce> flush global)

# Allow all outgoing connections
pass out all keep state
I am trying to get a few jails spun up for openvpn and a plex server, but the specifics aren't terribly relevant. My problem is, from the jails, I cannot access the host on any interface as long as the `block in all` line is present in pf.conf. No weird combination of rules for NAT reflection/loopback (what I thought was the problem) or rdr lines worked. I even tried a stupid, redundant configuration:
code:
pass in quick all
block in all
pass in all
It still didn't work, but just commenting out the `block in all` line works perfectly.

Packet filter uses the last matching rule, right? What could be causing this behaviour? It looks like a bug to me because from what I understand a `pass in all` after a `block in all` should completely negate the `block in all`.

I'm a bit of a novice when it comes to BSD but I wasn't able to find any information to explain this behaviour.
